April 14, 2014 Update: Go here to see how to manage your risk.
This about says it all.
— Indy (@Indy_Griffiths) April 10, 2014
You may be hearing about the Heartbleed server vulnerability that is currently getting a lot of exposure in the media. This vulnerability is quite serious and currently threatens most of the Internet. Here are some articles in the news describing the problem…
- The ‘Heartbleed’ security flaw that affects most of the Internet
- What Internet users can do to thwart ‘Heartbleed’ bug
- NSA Said to Exploit Heartbleed Bug for Intelligence for Years
- (This article is for super nerdy people, only.) Heartbeat Extension packets allow remote attackers to obtain sensitive information
As an eCommerce consulting company, we always take security issues very seriously and we take proactive measures to quickly identify and resolve such issues.
Here are just some of the steps we have taken. Check with your service provider (host, webmaster, SSL Certificate Issuer) to see if they have taken these steps:
- Update hosting server with the latest patches that protect against Heartbleed.
- Heartbleed Test: Use this tool to see if your site has been compromised
- If it appears that nothing would indicate that a vulnerable system has been compromised, we recommend as a precaution that you immediately update all passwords in use on your site. That includes your hosting control panel password, all email account passwords, and any passwords used within the content of your website (shopping carts, CMS like WordPress, Drupel, and other scripts).